Spy falcon REALLY sux! - Free Antivirus Forum

Spy falcon REALLY sux!

BullGuard Antivirus Forum > Virus Removal > Removal Help > Spy falcon REALLY sux!

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

Nad
New Member

Date Joined Mar 2006
Total Posts : 3

Posted 3-7-2006 11:23 (GMT +1)

Here it is!

I tried to post this from the infected computer,but this thing would not let me post on the forum!!!!!!!!!!!!!!!!!!!!!

So I had to go to the networked slave to post this!I thank you now in advance for all your advice!!!!!!!!!!!!!!!Logfile of HijackThis v1.99.1
Scan saved at 3:47:11 PM, on 3/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Bill\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpC841.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.0.69.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125764404006
O18 - Protocol: bw+0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

antispy
Junior Member

Date Joined May 2005
Total Posts : 93

Posted 3-8-2006 12:32 (GMT +1)

Yeah i know that Nad, spyfalcon is really annoying. There are directions that remove spyfalcon

Nad
New Member

Date Joined Mar 2006
Total Posts : 3

Posted 3-8-2006 3:29 (GMT +1)

Here's the new one after the smitreg

It deleted spy falcon!But IE is still being redirected!

What do you think I should do now?

Thanks antispy!

Logfile of HijackThis v1.99.1
Scan saved at 8:16:31 AM, on 3/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Bill\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpC3CD.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.0.69.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125764404006
O18 - Protocol: bw+0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 14350

Posted 3-8-2006 3:57 (GMT +1)

Hi, sorry if I interfer, but this infection change often, I therefore suggest You proceed as follows-

Please print out or copy this page to Notepad.

Download smitRem at
http://noahdfear.geekstogo.com/click%20cou.../click.php?id=1
Or Smitrem exe:
http://noahdfear.geekstogo.com/

and save the file to your desktop.

Please download Ewido Security Suite at http://www.spywarefri.dk/downloads1/ewido-setup.exe
If You still have it, just check for updates
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
From the main Ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes, the status bar at the bottom will display "Update successful"
Exit Ewido. DO NOT run a scan yet.
Ewido is a free trial product for 14 days.

If You still have, just check for updates

Download and install: http://www.filehippo.com/download_ccleaner/

Reboot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Open Ccleaner.

1. Before first use, check under Options, Advanced, and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".
2. A pop up box will appear advising this process will permanently delete files from your system.
3. Then select the items you wish to clean up.
In the Windows Tab:
Clean all entries in the "Internet Explorer". If you prefer to keep your cookies, uncheck the Cookies entry. Deleting cookies will require re-entry of user names and passwords on next visit to sites that require users log in.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.

In the Applications Tab:
Clean all (optionally, except cookies) in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.
4. Then click the "Run Cleaner" button and it will scan and clean your system. Click exit.

Run the smitRem.exe tool you downloaded earlier. Follow the prompts on the screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Run full scan with Ewido
Click on scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.

Now close ewido security suite.

Next go to Control Panel->Display->Desktop (or Appearance)->Customize Desktop->Web-> Uncheck 'Security Info'
if present.

Restart your computer back to Normal Mode..

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoftware.com/products/activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Please post that log in your next reply.

Then post the Panda log here along with the logs for smitfiles.txt, Ewido and a new HijackThis log.

Regards - Touch

Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.

Do not PM me with logfiles. They will be deleted

Nad
New Member

Date Joined Mar 2006
Total Posts : 3

Posted 3-9-2006 2:25 (GMT +1)

Here is what you asked for i hope I did it right!

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:25:58 PM, 3/8/2006
+ Report-Checksum: 530DF2B7

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-329068152-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-329068152-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB} -> Adware.Generic : Cleaned with backup
C:\Documents and Settings\Bill\Cookies\bill@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Bill\Cookies\bill@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Bill\Cookies\bill@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Bill\Cookies\bill@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Bill\Cookies\bill@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Bill\Cookies\bill@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Bill\Local Settings\Temp\resA.tmp -> Adware.180Solutions : Cleaned with backup
C:\WINDOWS\system32\ginuerep.dll -> Not-A-Virus.Hoax.Win32.Renos.bs : Cleaned with backup

::Report End

Incident Status Location

Adware:adware/exact.searchbar                                                   Not disinfected               C:\Documents and Settings\Bill\Local Settings\Temp\blank.gif
Adware:adware/securityerror                                                     Not disinfected               C:\WINDOWS\SYSTEM32\msvol.tlb
Adware:adware/spywarestrike                                                     Not disinfected               C:\WINDOWS\SYSTEM32\1024
Adware:adware/wupd                                                              Not disinfected               Windows Registry
Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\Documents and Settings\Bill\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\Documents and Settings\Bill\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/SpyFalcon                                 Not disinfected               C:\Documents and Settings\Bill\Local Settings\Temp\sa1.exe
Potentially unwanted tool:Application/SpyFalcon                                 Not disinfected               C:\Documents and Settings\Bill\Local Settings\Temp\sa1B.exe
Potentially unwanted tool:Application/SpyFalcon                                 Not disinfected               C:\Documents and Settings\Bill\Local Settings\Temp\sa26.exe
Potentially unwanted tool:Application/SpyFalcon                                 Not disinfected               C:\Documents and Settings\Bill\Local Settings\Temp\saF6.exe
Spyware:Spyware/Overpro                                                         Not disinfected               C:\Program Files\DownloadManager\insdl.dll
Adware:Adware/SpywareStrike                                                     Not disinfected               C:\WINDOWS\system32\1024\ldF477.tmp
Adware:Adware/SpyFalcon                                                         Not disinfected               C:\WINDOWS\system32\ldEA1.tmp                                                                                                                                                                                                                                   And lastly

Logfile of HijackThis v1.99.1
Scan saved at 7:23:11 PM, on 3/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Bill\LOCALS~1\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.0.69.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125764404006
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw+0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {ADE8E511-BE82-438A-B0D8-EDB3C7D3564C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 14350

Posted 3-9-2006 8:59 (GMT +1)

Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked.

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: PowerReg SchedulerV2.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} –
http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c18.cab
O18 - Protocol: bw+ Fix ALL 018 lines

Reboot into Safe Mode by tapping F8 after the BIOS has loaded.
The Windows Advanced Options Menu appears.
Ensure that the Safe mode option is selected.
Press Enter. The computer then begins to start in Safe mode.

Delete the following files or folders (delete item in bold). Please do not be concerned if
any of the items are not found as they may have been automatically removed by actions I had
you take earlier in the cleaning process.

Open Folder Options in Controlpanel >view and check your settings:
Select
Show hidden files and folders
Display the contents of system folders
Uncheck: Hide protected operating system files

Delete:

Files:

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ldEA1.tmp

Folders:
C:\WINDOWS\system32\1024\ldF477.tmp

Next go to Start- Search and scrolldown using the scroll bar on the right. Go down to More advanced options and click.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders

And delete:
PowerReg SchedulerV2.exe

Start- Run, type: %temp% Empty temp folder

Reboot normally, post new hijackthis log and tell how things are running

Regards - Touch

Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.

Do not PM me with logfiles. They will be deleted

babarrakus
New Member

Date Joined Dec 2004
Total Posts : 11

Posted 3-9-2006 3:27 (GMT +1)

Hey this is nad!I could not log in for some reason so I asked them for my pasword and they gave me my OLD pass and name.LOL!

I did what you asked I guess I didn't find everything confused

Logfile of HijackThis v1.99.1
Scan saved at 8:12:43 AM, on 3/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)